Turla (malware)

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.
Malware package

Turla or Uroboros (Russian: Турла) is a Trojan package that is suspected by computer security researchers and Western intelligence officers to be the product of a Russian government agency of the same name.

High infection rates of the virus were observed in Russia, Kazakhstan and Vietnam, followed by the US and China, with low infection rates in Europe, South America and Asia (including India).

Malware

Turla has been targeting governments and militaries since at least 2008.

In December 2014, there was evidence of it targeting systems running Linux.

Group

The advanced persistent threat hacking group has also been named Turla. The group has probably been operating since the late 1990s, according to Professor Thomas Rid of Johns Hopkins University. Dan Goodin in Ars Technica described Turla as "Russian spies". Turla has since been given other names such as Snake, Krypton, and Venomous Bear.

US actions against group

In May 2023 the United States Department of Justice announced that the United States had managed to infiltrate machines that were infected by the malware and issue a command ordering the malware to delete itself. Affidavits from the FBI and DOJ revealed that the group was part of the Russian Federal Security Service Center 16 group in Ryazan.

Possible GoldenJackal connection

ESET noted that the command and control protocol used by GoldenJackal malware is typically used by Turla, suggesting the groups may be connected.
